Sign-up

ID

VAR-202409-0011


CVE

CVE-2024-8461


TITLE

D-Link Systems, Inc.  of  D-Link DNS-320  Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942

DESCRIPTION

A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. D-Link Systems, Inc. of D-Link DNS-320 There are unspecified vulnerabilities in the firmware.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-8461 // JVNDB: JVNDB-2024-007942

AFFECTED PRODUCTS

vendor:dlinkmodel:dns-320scope:eqversion:2.02b01

Trust: 1.0

vendor:d linkmodel:d-link dns-320scope: - version: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope:eqversion: -

Trust: 0.8

vendor:d linkmodel:d-link dns-320scope:eqversion:d-link dns-320 firmware 2.02b01

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942 // NVD: CVE-2024-8461

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2024-8461
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-8461
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2024-007942
value: MEDIUM

Trust: 0.8

cna@vuldb.com: CVE-2024-8461
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2024-007942
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

cna@vuldb.com: CVE-2024-8461
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: JVNDB-2024-007942
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942 // NVD: CVE-2024-8461 // NVD: CVE-2024-8461

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942 // NVD: CVE-2024-8461

EXTERNAL IDS

db:NVDid:CVE-2024-8461

Trust: 2.6

db:VULDBid:276627

Trust: 1.8

db:DLINKid:SAP10383

Trust: 1.8

db:JVNDBid:JVNDB-2024-007942

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942 // NVD: CVE-2024-8461

REFERENCES

url:https://github.com/leetsun/iot-vuls/tree/main/dlink-dns320/4

Trust: 1.8

url:https://supportannouncement.us.dlink.com/security/publication.aspx?name=sap10383

Trust: 1.8

url:https://vuldb.com/?id.276627

Trust: 1.8

url:https://vuldb.com/?submit.401300

Trust: 1.8

url:https://www.dlink.com/

Trust: 1.8

url:https://vuldb.com/?ctiid.276627

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-8461

Trust: 0.8

sources: JVNDB: JVNDB-2024-007942 // NVD: CVE-2024-8461

SOURCES

db:JVNDBid:JVNDB-2024-007942
db:NVDid:CVE-2024-8461

LAST UPDATE DATE

2024-09-14T22:37:01.641000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-007942date:2024-09-13T01:19:00
db:NVDid:CVE-2024-8461date:2024-09-12T17:17:57.733

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-007942date:2024-09-13T00:00:00
db:NVDid:CVE-2024-8461date:2024-09-05T13:15:11.690